Summary: <net-dns/bind-9.7.4_p1,9.8.1_p1 Resolver crashes on invalid records (CVE-2011-4313)
Product: Gentoo Security
Reporter: Nico Baggus <mlspamcb>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: blakawk, eras, idl0r, mike
Package list:
Runtime testing required: ---
Description Nico Baggus 2011-11-16 20:33:15 UTC
I came across this somewhere and it seems to be an issue with all BINDs. This might be worth a GLSA.
Reproducible: Always
Actual Results: Several fixes are on the site.
Comment 1 Nico Baggus 2011-11-16 20:36:47 UTC
Comment 2 Nico Baggus 2011-11-16 20:44:12 UTC
DSA only delivers a list of old items, sorry.
Comment 3 Paul Varner (RETIRED) 2011-11-16 22:02:00 UTC
FYI, the company I work for was hit by this in a malicious attack. It's a DoS attack that causes named to crash and core dump.
Comment 4 Hanno Böck 2011-11-17 07:10:32 UTC
This sounds rather serious, according to upstream, fixes are in 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1 (and current stable in portage 9.7.3 is not mentioned, so maybe it's unsupported upstream).
Comment 5 Matus UHLAR - fantomas 2011-11-17 13:38:16 UTC
I can confirm this: only the last of each minor is supported, therefore we need to have at least 9.8.1-P1 and 9.7.4-P1, with one of them being stable.
Comment 6 Christian Ruppert (idl0r) 2011-11-17 17:22:55 UTC
(In reply to comment #4)
> This sounds rather serious, according to upstream, fixes are in 9.8.1-P1,
> 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1 (and current stable in portage 9.7.3 is
> not mentioned, so maybe it's unsupported upstream).
Exactly. So while we're on it, it would be cool if we could stabilize both versions, otherwise at least 9.7.4_p1. Both bumps are in gentoo-x86 now and will be on the mirrors soonish.
Comment 7 Matthew Marlowe (RETIRED) 2011-11-17 19:43:20 UTC
LWN just ran an article saying that this vulnerability is out in the wild and being actively exploited and that many servers are experiencing DoS as a result. Other distros are already posting notices. http://lwn.net/Articles/467779/#Comments
Comment 8 Nico Baggus 2011-11-18 14:37:25 UTC
Personally I disagree with minor, as it is a core function of today's internet. There is at least some urgency associated with this incident.
Comment 9 Nico Baggus 2011-11-18 17:17:19 UTC
The new server (9.7.4_p1) is now running. Minor difference: 9.7.3_p3 started although a log file could not be created; 9.7.4_p1 doesn't start when this happens. Not a big deal.
Comment 10 Alex Legler (RETIRED) 2011-11-20 22:58:16 UTC
Arches, please test and mark stable: =net-dns/bind-9.7.4_p1
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 11 Tomáš "tpruzina" Pružina (amd64 [ex]AT) 2011-11-21 00:17:40 UTC
Amd64: works for me.
Comment 12 Agostino Sarubbo 2011-11-21 10:15:26 UTC
amd64 ok, looks perfect on a server.
Comment 13 Paweł Hajdan, Jr. (RETIRED) 2011-11-22 16:15:10 UTC
Comment 14 Jeroen Roovers (RETIRED) 2011-11-22 17:48:56 UTC
Stable for HPPA.
Comment 15 Raúl Porcel (RETIRED) 2011-11-26 12:47:56 UTC
Comment 16 Tony Vroon 2011-11-28 10:16:45 UTC
+ 28 Nov 2011; Tony Vroon <email@example.com> bind-9.7.4_p1.ebuild:
+ Marked stable on AMD64 based on arch testing by Tomáš "Mepho" Pružina &
+ Agostino "ago" Sarubbo in security bug #390753.
Comment 17 GLSAMaker/CVETool Bot 2011-12-12 23:58:39 UTC
CVE-2011-4313 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4313): query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
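The version ranges in the NVD text above, together with the fixed releases named in comment 4 (9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1), are enough to write a quick "is this named affected?" check. The following is an added example, not code from this bug, from Gentoo or from ISC; it parses the version string that `named -v` prints (or the Gentoo ebuild spelling such as 9.7.4_p1) and classifies it against those ranges. The sample version strings at the bottom are constructed for illustration.

```python
"""Classify a BIND version string against the CVE-2011-4313 ranges.

Added example, not code from the bug, from Gentoo or from ISC. The affected
ranges come from the NVD text quoted in comment 17; the fixed versions
(9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, 9.4-ESV-R5-P1) from comment 4.
"""
import re
from typing import NamedTuple, Optional


class BindVersion(NamedTuple):
    minor: int
    patch: Optional[int]  # None for ESV releases, which have no third number
    esv: bool             # Extended Support Version branch (9.4-ESV, 9.6-ESV)
    r: int                # ESV "-R<n>" level, 0 when absent
    p: int                # "-P<n>" security patch level, 0 when absent
    pre: str              # prerelease tag such as "a1" or "b1", "" for releases


# Accepts "BIND 9.7.4-P1" (named -v), "9.6-ESV-R5-P1", "9.9.0b1" and the
# Gentoo ebuild spelling "9.7.4_p1".
_VERSION_RE = re.compile(
    r"""^(?:BIND\s+)?9\.(?P<minor>\d+)
        (?:\.(?P<patch>\d+)(?P<pre>(?:a|b|rc)\d+)?)?
        (?P<esv>-ESV(?:-R(?P<r>\d+))?)?
        (?:[-_][Pp](?P<p>\d+))?$""",
    re.VERBOSE,
)


def parse_bind_version(text: str) -> BindVersion:
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised BIND version: {text!r}")
    return BindVersion(
        minor=int(m["minor"]),
        patch=int(m["patch"]) if m["patch"] is not None else None,
        esv=m["esv"] is not None,
        r=int(m["r"]) if m["r"] is not None else 0,
        p=int(m["p"]) if m["p"] is not None else 0,
        pre=m["pre"] or "",
    )


def affected_by_cve_2011_4313(v: BindVersion) -> bool:
    """True when the version falls inside a range NVD lists as affected."""
    if v.esv:
        # 9.4-ESV .. 9.4-ESV-R5 and 9.6-ESV .. 9.6-ESV-R5; -R5-P1 carries the fix
        if v.minor not in (4, 6):
            return False
        return v.r < 5 or (v.r == 5 and v.p == 0)
    patch = v.patch if v.patch is not None else 0
    if v.minor <= 6:
        return True                                    # 9.0.x through 9.6.x, every release
    if v.minor == 7:
        return patch < 4 or (patch == 4 and v.p == 0)  # fixed in 9.7.4-P1
    if v.minor == 8:
        return patch < 1 or (patch == 1 and v.p == 0)  # fixed in 9.8.1-P1
    if v.minor == 9:
        # 9.9.0a1 through 9.9.0b1; later betas and the 9.9.0 release are not listed
        return patch == 0 and (v.pre.startswith("a") or v.pre == "b1")
    return False


def check(text: str) -> bool:
    """Parse a version string and classify it in one call."""
    return affected_by_cve_2011_4313(parse_bind_version(text))


if __name__ == "__main__":
    # Constructed sample inputs in the shape `named -v` prints, plus one ebuild version.
    for sample in ("BIND 9.7.3-P3", "BIND 9.7.4-P1", "BIND 9.8.1",
                   "BIND 9.6-ESV-R5", "9.7.4_p1"):
        state = "AFFECTED" if check(sample) else "not affected"
        print(f"{sample:<18} {state}")
```

Feed it the output of `named -v` on the resolver in question. One caveat a practitioner should keep in mind: a version-string check only knows about upstream's release numbering, so a vendor package that backports the fix without bumping to the -P1 suffix will still be reported as affected; confirm against the distribution's own advisory (for Gentoo, the GLSA referenced at the end of this bug) before acting on the result.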
Comment 18 Mark Loeser (RETIRED) 2011-12-22 22:33:50 UTC
Comment 19 Tim Sammut (RETIRED) 2011-12-22 22:35:53 UTC
Thanks, folks. GLSA Vote: yes.
Comment 20 Stefan Behte (RETIRED) 2012-03-06 01:12:43 UTC
Vote: Yes. GLSA request filed.
Comment 21 GLSAMaker/CVETool Bot 2012-06-02 14:00:10 UTC
This issue was resolved and addressed in GLSA 201206-01 at http://security.gentoo.org/glsa/glsa-201206-01.xml by GLSA coordinator Stefan Behte (craig).